mirror of https://github.com/sqlite/sqlite.git synced 2025-07-30 19:03:16 +03:00

Fix some segfaults that could occur in obscure circumstances where error messages contained characters that could be mistaken for printf format specifiers.

FossilOrigin-Name: f91471e7234db490f97298b1ccb8d6c7fc45b089
dan
2010-10-21 15:12:44 +00:00
parent 3edd8a555d
commit 06b5db0e39
6 changed files with 38 additions and 24 deletions


@ -1,8 +1,5 @@
-----BEGIN PGP SIGNED MESSAGE----- C Fix\ssome\ssegfaults\sthat\scould\soccur\sin\sobscure\scircumstances\swhere\serror\smessages\scontained\scharacters\sthat\scould\sbe\smistaken\sfor\sprintf\sformat\sspecifiers.
Hash: SHA1 D 2010-10-21T15:12:44
C Fix\sa\stypo-bug\sthat\sprevented\s--disable-amalgamation\sfrom\sworking\sin\nMakefile.in.\s\sAlso\sfix\san\soverly\slong\sline\sin\sMakfile.in.
D 2010-10-21T12:34:30
F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
F Makefile.in 2c8cefd962eca0147132c7cf9eaa4bb24c656f3f F Makefile.in 2c8cefd962eca0147132c7cf9eaa4bb24c656f3f
F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@ -233,10 +230,10 @@ F src/vdbe.h 4de0efb4b0fdaaa900cf419b35c458933ef1c6d2
F src/vdbeInt.h 7f4cf1b2b69bef3a432b1f23dfebef57275436b4 F src/vdbeInt.h 7f4cf1b2b69bef3a432b1f23dfebef57275436b4
F src/vdbeapi.c 5368714fa750270cf6430160287c21adff44582d F src/vdbeapi.c 5368714fa750270cf6430160287c21adff44582d
F src/vdbeaux.c de0b06b11a25293e820a49159eca9f1c51a64716 F src/vdbeaux.c de0b06b11a25293e820a49159eca9f1c51a64716
F src/vdbeblob.c 258a6010ba7a82b72b327fb24c55790655689256 F src/vdbeblob.c 6e10c214efa3514ca2f1714773cc4cc5c7b05175
F src/vdbemem.c 23723a12cd3ba7ab3099193094cbb2eb78956aa9 F src/vdbemem.c 23723a12cd3ba7ab3099193094cbb2eb78956aa9
F src/vdbetrace.c 864cef96919323482ebd9986f2132435115e9cc2 F src/vdbetrace.c 864cef96919323482ebd9986f2132435115e9cc2
F src/vtab.c 6c90e3e65b2f026fc54703a8f3c917155f419d87 F src/vtab.c b297e8fa656ab5e66244ab15680d68db0adbec30
F src/wal.c 0dc7eb9e907a2c280cdcde876d313e07ea4ad811 F src/wal.c 0dc7eb9e907a2c280cdcde876d313e07ea4ad811
F src/wal.h 96669b645e27cd5a111ba59f0cae7743a207bc3c F src/wal.h 96669b645e27cd5a111ba59f0cae7743a207bc3c
F src/walker.c 3112bb3afe1d85dc52317cb1d752055e9a781f8f F src/walker.c 3112bb3afe1d85dc52317cb1d752055e9a781f8f
@ -459,7 +456,7 @@ F test/in.test 19b642bb134308980a92249750ea4ce3f6c75c2d
F test/in2.test 5d4c61d17493c832f7d2d32bef785119e87bde75 F test/in2.test 5d4c61d17493c832f7d2d32bef785119e87bde75
F test/in3.test 3cbf58c87f4052cee3a58b37b6389777505aa0c0 F test/in3.test 3cbf58c87f4052cee3a58b37b6389777505aa0c0
F test/in4.test 64f3cc1acde1b9161ccdd8e5bde3daefdb5b2617 F test/in4.test 64f3cc1acde1b9161ccdd8e5bde3daefdb5b2617
F test/incrblob.test fa2cd937f59f5231bfdc2aa152ee184bf254ca02 F test/incrblob.test 76e787ca3301d9bfa6906031c626d26f8dd707de
F test/incrblob2.test edc3a96e557bd61fb39acc8d2edd43371fbbaa19 F test/incrblob2.test edc3a96e557bd61fb39acc8d2edd43371fbbaa19
F test/incrblob_err.test c577c91d4ed9e8336cdb188b15d6ee2a6fe9604e F test/incrblob_err.test c577c91d4ed9e8336cdb188b15d6ee2a6fe9604e
F test/incrvacuum.test 453d1e490d8f5ad2c9b3a54282a0690d6ae56462 F test/incrvacuum.test 453d1e490d8f5ad2c9b3a54282a0690d6ae56462
@ -797,7 +794,7 @@ F test/vacuum4.test d3f8ecff345f166911568f397d2432c16d2867d9
F test/varint.test ab7b110089a08b9926ed7390e7e97bdefeb74102 F test/varint.test ab7b110089a08b9926ed7390e7e97bdefeb74102
F test/veryquick.test 7701bb609fe8bf6535514e8b849a309e8f00573b F test/veryquick.test 7701bb609fe8bf6535514e8b849a309e8f00573b
F test/view.test 45f518205ecdb6dd23a86dd4a99bb4ae945e625d F test/view.test 45f518205ecdb6dd23a86dd4a99bb4ae945e625d
F test/vtab1.test 9bc4a349a1989bcd064eb3b8fac2f06aca64297a F test/vtab1.test 7b79832824cbae37ff01a06ed155027f7c15bf9e
F test/vtab2.test 7bcffc050da5c68f4f312e49e443063e2d391c0d F test/vtab2.test 7bcffc050da5c68f4f312e49e443063e2d391c0d
F test/vtab3.test baad99fd27217f5d6db10660522e0b7192446de1 F test/vtab3.test baad99fd27217f5d6db10660522e0b7192446de1
F test/vtab4.test 942f8b8280b3ea8a41dae20e7822d065ca1cb275 F test/vtab4.test 942f8b8280b3ea8a41dae20e7822d065ca1cb275
@ -876,14 +873,7 @@ F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f
P 1e0db99797be2821716de7138931ebd5cf8fa63b P 2c3c4ba035e548e97101142692133cf685da16bc
R 27c980fabcc9224b8f93e2c194859c02 R 18a7b139ced85b4a9a48c95f0f44b0f9
U drh U dan
Z 5cd8cc8e5437bb048203dc5411dcdfb2 Z ed59bb88307b21a6af9f1327c9400518
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD4DBQFMwDNdoxKgR168RlERAhyoAJ9KXMEZDSgWeuiZ9fcEOsaX+xwW5ACYv6SC
dUoJE9sYCjU60A5b4LhubA==
=UcdN
-----END PGP SIGNATURE-----


@ -1 +1 @@
2c3c4ba035e548e97101142692133cf685da16bc f91471e7234db490f97298b1ccb8d6c7fc45b089


@ -231,7 +231,7 @@ int sqlite3_blob_open(
nAttempt++; nAttempt++;
rc = sqlite3_finalize((sqlite3_stmt *)v); rc = sqlite3_finalize((sqlite3_stmt *)v);
sqlite3DbFree(db, zErr); sqlite3DbFree(db, zErr);
zErr = sqlite3MPrintf(db, sqlite3_errmsg(db)); zErr = sqlite3MPrintf(db, "%s", sqlite3_errmsg(db));
v = 0; v = 0;
} }
} while( nAttempt<5 && rc==SQLITE_SCHEMA ); } while( nAttempt<5 && rc==SQLITE_SCHEMA );
@ -278,7 +278,7 @@ blob_open_out:
if( v && (rc!=SQLITE_OK || db->mallocFailed) ){ if( v && (rc!=SQLITE_OK || db->mallocFailed) ){
sqlite3VdbeFinalize(v); sqlite3VdbeFinalize(v);
} }
sqlite3Error(db, rc, zErr); sqlite3Error(db, rc, (zErr ? "%s" : 0), zErr);
sqlite3DbFree(db, zErr); sqlite3DbFree(db, zErr);
sqlite3StackFree(db, pParse); sqlite3StackFree(db, pParse);
rc = sqlite3ApiExit(db, rc); rc = sqlite3ApiExit(db, rc);
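Review bot: The `(zErr ? "%s" : 0)` expression at `blob_open_out` is unexplained, and the same expression is repeated in the `sqlite3_declare_vtab` hunk in the next file section. A one-line comment at each site would keep a later cleanup from folding it back into `sqlite3Error(db, rc, zErr)`, for example `/* zErr is data and may contain '%'; pass it as an argument, never as the format */`. The conditional presumably preserves the old "no message" behaviour when `zErr` is NULL, and the comment should say so if that is the intent. With the same mistake fixed at three call sites in this commit, it would be worth searching for other `sqlite3MPrintf` and `sqlite3Error` calls whose format argument is not a string literal; whether any remain cannot be told from this page. Both hunks show only part of `sqlite3_blob_open`.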


@ -672,7 +672,7 @@ int sqlite3_declare_vtab(sqlite3 *db, const char *zCreateTable){
} }
db->pVTab = 0; db->pVTab = 0;
}else{ }else{
sqlite3Error(db, SQLITE_ERROR, zErr); sqlite3Error(db, SQLITE_ERROR, (zErr ? "%s" : 0), zErr);
sqlite3DbFree(db, zErr); sqlite3DbFree(db, zErr);
rc = SQLITE_ERROR; rc = SQLITE_ERROR;
} }


@ -677,5 +677,14 @@ do_test incrblob-8.7 {
execsql {SELECT b FROM t1 WHERE a = 314159} execsql {SELECT b FROM t1 WHERE a = 314159}
} {etilqs} } {etilqs}
# The following test case exposes an instance in the blob code where
# an error message was set using a call similar to sqlite3_mprintf(zErr),
# where zErr is an arbitrary string. This is no good if the string contains
# characters that can be mistaken for printf() formatting directives.
#
do_test incrblob-9.1 {
list [catch { db incrblob t1 "A tricky column name %s%s" 1 } msg] $msg
} {1 {no such column: "A tricky column name %s%s"}}
finish_test finish_test
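Review bot: incrblob-9.1 drives a single failure path with a `%s%s` column name, but the blob code changed two call sites: the `sqlite3MPrintf` call inside the retry loop and the `sqlite3Error` call at `blob_open_out`. It is not evident from the visible lines which of them this case reaches. If it reaches only the `blob_open_out` call, the retry-loop fix has no regression test. Naming the covered call site in the comment, e.g. `# Covers the error path that ends in sqlite3Error() at blob_open_out.` (to be confirmed against the code), would make the gap visible.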


@ -1163,5 +1163,20 @@ ifcapable altertable {
incr tn incr tn
} }
# The following test case exposes an instance in sqlite3_declare_vtab()
# an error message was set using a call similar to sqlite3_mprintf(zErr),
# where zErr is an arbitrary string. This is no good if the string contains
# characters that can be mistaken for printf() formatting directives.
#
do_test vtab1-17.1 {
execsql {
PRAGMA writable_schema = 1;
INSERT INTO sqlite_master VALUES(
'table', 't3', 't3', 0, 'INSERT INTO "%s%s" VALUES(1)'
);
}
catchsql { CREATE VIRTUAL TABLE t4 USING echo(t3); }
} {1 {vtable constructor failed: t4}}
unset -nocomplain echo_module_begin_fail unset -nocomplain echo_module_begin_fail
finish_test finish_test
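Review bot: vtab1-17.1 turns on `PRAGMA writable_schema` and inserts a hand-made row into `sqlite_master`, and nothing in the visible lines undoes either before `finish_test`. That is harmless while this is the last case in the file, but any case appended later inherits a writable schema with a bogus `t3` entry. Ending the test with `execsql { DELETE FROM sqlite_master WHERE name='t3'; PRAGMA writable_schema = 0 }` would contain it. The expected result `vtable constructor failed: t4` does not include the `%s%s` text, so the case appears to pass by not crashing rather than by checking the stored message. The comment's first sentence is also missing a word and should read `exposes an instance in sqlite3_declare_vtab() where an error message was set`.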